Comments:"Dan Kaminsky Highlights Flaws Bitcoin - Business Insider"
URL:http://www.businessinsider.com/dan-kaminsky-highlights-flaws-bitcoin-2013-4
Two years ago, I tried to hack BitCoin.
I failed.
This was very exciting.
It is a fairly open secret that almost all systems can be hacked, somehow. It is a less spoken of secret that such hacking has actually gone quite mainstream. Everybody hacks … sometimes.
But I am not here to discuss the raging question that is — what do we do about the fact that we’ve built a global economy on a system optimized for moving pictures of cats?
They really are very cute.
Seriously though, as an engineer and as a hacker (and I promise you, these are two very different things), BitCoin surprised me. Here was a system with the following properties:
- Created an enormous global cloud of always-on, listening machines
- Spoke its own fiddly little custom network protocol
- Written in C++, which for all of its strengths is not usually the safest thing in the world to be reading random Internet garbage with
- Directly implemented the delivery of a Pot Of Gold At The End Of The Rainbow for any hacker who could break it
By all extant metrics in security system review, this system should have failed instantaneously, at every possible layer.
And, to be fair, it has failed at other layers – BitCoin thefts have occurred, in the meta-code that surrounds the core technology itself.
But the core technology actually works, and has continued to work, to a degree not everyone predicted. Time to enjoy being wrong. What the heck is going on here?
First of all, yes. Money changes things.
A lot of the slop that permeates most software is much less likely to be present when the developer is aware that, yes, a single misplaced character really could End The World. The reality of most software development is that the consequences of failure are simply nonexistent. Software tends not to kill people and so we accept incredibly fast innovation loops because the consequences are tolerable and the results are astonishing.
BitCoin was simply developed under a different reality.
The stakes weren’t obscured, and the problem wasn’t someone else’s.
They didn’t ignore the engineering reality, they absorbed it and innovated ridiculously.
DIFFERENT THIS TIME, FOR REAL
Bitcoin reflects an entirely alien design regime. (To geek out a bit, in the context of actual security paranoia, C++ is actually a great choice. It allows for clean infrastructure, and if you know what you’re doing, you actually know what you’re doing. Modern languages like JavaScript and Ruby are great, in that they do a huge amount for you under the surface, but then you don’t actually know what they’re going to do. Ruby got burned pretty badly recently when some systems listening on the network were a little too … friendly. Engineering is a game of tradeoffs. So, of course, is business.)
But all that was obvious two years ago, when my fifteen point list of obvious likely bugs was systematically destroyed by a codebase that quite frankly knew better.
What is obvious now?
BitCoin is actually an exploit against network complexity. Not financial networks, or computer networks, or social networks. Networks themselves.
To be quite specific: BitCoin is a rejection of the regulation of monetary flows.
The cost of regulating any network actually goes up exponentially with the number of nodes that must be monitored (you need a hierarchy of systems to perform ‘guard labor’ to make sure systems are behaving within declared parameters).
But the cost of adding yourself to the BitCoin network is not exponential.
Yes, the cost increases over time. BitCoin has something called a Blockchain, which is a list of all transactions that have ever occurred, ever. You can think of this as an account ledger, containing the content of every account, everywhere. It’s a lot of data, and it gets bigger every day, and every first class participant of BitCoin must have all of it in order for the system to work.
You’re probably thinking, there’s no way that can work. Eventually, that becomes too much data, and BitCoin eventually devolves into the present state of affairs with specially invested institutions forming “the banking community”.
That is what I thought, as well.
We are right, but we are wrong.
BARELY SCRATCHED THE SURFACE
The system fails, but when? Storage and bandwidth are themselves getting hilariously inexpensive. You can’t just ignore time (like all those other programming languages).
My mistake two years ago was thinking too much like an engineer, and not enough like certain Business Insider readers.
BitCoin operates in a domain that is Too Big To Regulate. I predicted the number of systems monitoring Bitcoin transactions would fall — and it did, by about 75% last time I checked.
What’s important to realize is that it’s not the size of the base that matters.
It’s the fact that, if it was truly threatened, the cost to add more nodes — people participating in the Bitcoin experiment — is much lower than the cost to prevent the addition of new nodes.
There’s just a deep network of “hearts and minds” that can keep that BitCoin Ledger alive.
That all being said, BitCoin has not actually won the day.
There have been some major thefts – the BitFloor grab at 24,000 BTC, the Linode cloud robbery at 46,703 BTC, even the single user-steal at 25,000 BTC.
But BitCoin’s profoundly cool design allows one to track the thieves.
When $50K of BitCoins is stolen today, and is $500K of BitCoin five years from now, every last cent of that filthy lucre can be monitored with acute cryptographic precision until the end of time.
And indeed, as far as I’ve seen none of the stolen BitCoin have actually been spent in any way. There’s actually an entire ecosystem around BitCoin – web sites, “mining pools”, and the like – all of which would have to stamp their approval on a transaction involving the obviously stolen funds, none of which have seemingly been asked to.
And that’s interesting, because possession of stolen property is and will forever be a criminal offense, and nothing is more provably stolen than the cryptographic taint of a transaction with money from a stolen account.
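To make the tracking claim concrete, here is an added example (not from the original article and not Bitcoin's own code) that follows stolen value through a public ledger the way a forensic analyst or exchange compliance check might. The ledger, transaction ids and owner labels are constructed for illustration, and the two policy names, "haircut" (proportional) and "poison" (any tainted input taints every output), are conventions from the taint-analysis literature rather than anything the protocol enforces.

```python
# Constructed sample ledger (not real transactions). An input names a previous
# output as (txid, index); an output is (owner_label, amount_btc).
LEDGER = [
    {"txid": "t0", "inputs": [], "outputs": [("victim", 50.0)]},
    {"txid": "t1", "inputs": [], "outputs": [("bystander", 50.0)]},
    {"txid": "t2", "inputs": [("t0", 0)], "outputs": [("thief", 50.0)]},  # the theft
    {"txid": "t3", "inputs": [("t2", 0), ("t1", 0)],                      # mixed with clean funds
     "outputs": [("addr_a", 75.0), ("addr_b", 25.0)]},
    {"txid": "t4", "inputs": [("t3", 1)], "outputs": [("exchange", 25.0)]},
]


def trace_taint(ledger, stolen, policy="haircut"):
    """Return {outpoint: tainted_btc} for every unspent output carrying taint.

    ledger must be in chain order, so an output is recorded before it is spent.
    stolen is the set of outpoints reported as theft proceeds.
    Fees are ignored here; with fees, part of the haircut taint leaves with them.
    """
    if policy not in ("haircut", "poison"):
        raise ValueError(f"unknown policy: {policy}")
    amount, taint, spent = {}, {}, set()
    for tx in ledger:
        total_in = sum(amount[i] for i in tx["inputs"])
        dirty_in = sum(taint[i] for i in tx["inputs"])
        spent.update(tx["inputs"])
        for index, (_owner, value) in enumerate(tx["outputs"]):
            outpoint = (tx["txid"], index)
            amount[outpoint] = value
            if outpoint in stolen:
                taint[outpoint] = value            # reported theft: fully tainted
            elif dirty_in == 0:
                taint[outpoint] = 0.0              # no tainted input, stays clean
            elif policy == "poison":
                taint[outpoint] = value            # one dirty input taints everything
            else:
                taint[outpoint] = value * dirty_in / total_in  # proportional share
    # Only unspent outputs matter to whoever is asked to accept them next.
    return {o: t for o, t in taint.items() if o not in spent and t > 0}


if __name__ == "__main__":
    for policy in ("haircut", "poison"):
        print(policy, trace_taint(LEDGER, {("t2", 0)}, policy))
```

Under the haircut policy the tainted total across unspent outputs stays equal to the amount stolen, while the poison policy flags the full value of every output downstream of the theft.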
CONCENTRATION OF AUTHORITY?
I actually have no idea what will happen when these chickens come home to roost. Right now, everyone wins – hoarding BitCoins is probably the optimum strategy even if you didn’t steal them, people who were robbed move on with their life in normal circumstances, and the ecosystem can pretend things are better now.
The “official truth” of what money has changed hands is really in the hands of less than five or ten organizations, and that’s being generous. It’s somewhat the case that if those actors really anger people, the flareup could create a sort of cryptographically enforced uprising whereby a new set of actors takes majority control of ground truth.
But the power of the masses is only shrinking. BitCoin made a technical choice during its initial design that allowed some people to do far more work than others, simply by having a graphical accelerator or even by designing custom hardware. This is the precise capability that large financial actors and nation states have above and beyond the private sector’s capacity to produce, and it’s not obvious that even the BitCoin developers have the political ability to override a technical choice that would also harm the technology’s largest (public) players.
I provide these details to make it clear – the BitCoin experiment is not complete, there is actually quite a bit of interesting work to be done and it’s not at all clear what the future holds for the technology.
Much thanks to Michael Tiffany and Ash Kalb, with whom many of these issues were discussed.